1. Field of the Invention
The invention relates to the importing of information, especially application information, onto a chip card, which has a memory with a directory.
2. Description of Related Art
Since the mid-1980s, chip cards have been used in an increasing number of spheres of daily life. The success of chip cards is based essentially on their high manipulation security and reliability. Furthermore, great flexibility for a large number of chip card applications is guaranteed by the programmability of the chips on the chip card. Chip cards are discussed generally in Smart Cards by Jerome Svigals (MacMillan Pub. Co., 1985), which is specifically incorporated by reference herein.
The manufacture of a chip card up to the point at which it can be issued to a user is described in RankliEffing: Handbuch der Chipkarten, Karl Hanser Verlag, 1996, which is specifically incorporated by reference herein. After a module with the semiconductor chip has been embedded into the chip card, global data and personal data of the future card user is then imported onto the chip card. In this regard the issuer of the chip card is increasingly importing several applications simultaneously onto the chip card.
The internal structure of the chip card basically conforms to the ISO 7816/4 standard, which is specifically incorporated by reference herein. The data and/or the code belonging to an application are normally deposited in files. The files are located in a directory in the chip card memory. The files and the directory are imported by the card issuer onto the chip card. If a new application is to be placed by an application supplier on a chip card which has already been issued, particular attention should be paid to the chip card security system. This is especially true if applications which are not under the control of the card issuer are involved. If an application supplier places data and/or code independently on the chip card, the danger exists that the data and/or code deposited will undermine the security of the chip card. This may be the intention if it is insinuated that the application supplier has an interest in spying out applications of the card issuer or other application suppliers. However, unintentional impairment of the security system of the chip card may also be caused in particular by the erroneous placing of new applications.
A method is known from DE 38 07 997 of placing data on a chip card. The chip card has a memory, which is divided into several sub-areas. One of these sub-areas is formed as a protected sub-area, in which address information and error-checking codes for other sub-areas are stored. The protected sub-area is protected by programming the microprocessor of the chip card in such a way that it prevents access of a terminal to the protected sub-area. Information which is disposed in the protected sub-area can hereby be protected against the access of an unauthorized application supplier.
The German patent application with the file reference 196 26 339 discloses a method of loading applications and data securely onto chip cards. In this method, an identification character is allocated. The identification character is ascertained before execution of a command, by means of which the data are to be imported into a sub-area of the chip card. In ascertaining the identification character, it is established whether execution of the command in the sub-area is permitted. Execution of the command is prevented if it is established when ascertaining the identification character that execution of the command is not permitted in the sub-area. The execution of certain commands, in particular commands for importing applications onto the chip card, can hereby be limited to certain sub-areas.
In the case of a further known method for importing application information onto a chip card, the information is provided with an electronic signature. The electronic signature is calculated in this process by means of a cryptographic key from an electronic fingerprint of the information. The information and the electronic signature are transferred to the chip card. On the chip card, another electronic signature of the information transferred to the chip card is calculated with the aid of a further cryptographic key. It can then be verified hereby whether the electronic signature transferred to the chip card and the electronic signature calculated on the chip card match. If this is the case, the information has been transferred without error to the chip card. Manipulation is prevented in this known method by the fact that the further cryptographic key is certified by a trustworthy authority.
It is not possible with the aid of the known method described in the last section to verify whether the information has been placed in the location allocated to it in the memory of the chip card. If an application which is to be placed onto the chip card comprises data and code, it may be necessary to distribute these data and the code to different files in the directory. Using the known method, it can then be verified whether the data and the code have been transferred without manipulation of the same to the chip card. However, it is not possible to establish by means of the known method whether the data and the code have been placed properly in the various files.